Agenda 

All curriculum for the Leadership Exchange is developed and delivered by the CISO community. We are currently conducting research with the Charlotte Leadership Board to finalize the agenda. Session times, speakers and topics may change. Please check back regularly for updates! 

Thursday, April 25, 2024
8:00 AM

Please join us for networking and breakfast.

 
 
9:10 AM

Understanding the current threat landscape and your attack surface is crucial to preparing for today’s most significant risks. CISOs must keep their organizations ready to handle rising threats, building a strong security culture capable of outpacing threat actors. With insight provided from Unit42 on the current threat landscape, this panel discussion will reflect on how CISOs and technology partners prepare for today’s most significant risks and argue for adopting an innovative mindset that embraces the steady accumulation of small advancements. 

Martin Strasburger
 
10:15 AM

Rapid adoption of cloud first infrastructure and development have fueled the spread of data across diverse environments and hampered the security team’s insight into potential risk. As the frequency of data breaches increases, along with the costs of these attacks, CISOs must take steps to improve the organization’s data management. Join this discussion with your peers to explore: 

  • Challenges to gain visibility into sensitive data locations 
  • Current approaches to classify sensitive data and prioritize risks  
  • Best practices to build a continuous data protection strategy 
     
 
 

The unique characteristics of OT systems – legacy equipment, long lifecycles, and the convergence with IT networks – complicates deploying traditional security approaches. This roundtable discussion, led by Duke Energy’s director of OT Cybersecurity, dives into best practices and challenges to secure complex OT systems, including: 

  • How Duke Energy phased its journey to secure IT/OT and lessons learned 
  • Clearing blind spots in OT systems and gaining clarity on vulnerabilities 
  • Creating metrics on risks in OT environment and defining risk tolerance 
Liz Holland
 

Security incidents can be unpredictable, and the increased complexity of an organization’s environment requires security teams to act quickly in a high-pressure situation. This boardroom discussion explores the challenges, best practices, and resources to prepare your team and enterprise for controlled, confident action amidst the chaos. Discuss:  

  • Effective tabletop exercises to prepare and practice IR enterprise wide  
  • Your organization’s most significant incident response challenges  
  • Creating a feedback loop between threat detection, mitigation, and IR preparedness   
 
 
11:00 AM
 
 
 
11:30 AM

Identity access management is a critical element of security program innovation, laying the groundwork for organizational agility, innovation, and a consistent security posture. Discuss IAM implementation and maturation with your peers, exploring:     

  • Next gen technology governing the identity and access lifecycle   
  • Challenges addressing threat actors evolving attacks on identity 
  • Developing new metrics on the effectiveness of your IAM architecture  
 
 

The new SEC security disclosure rules and increased frequency and impact of cyber incidents have made it essential for CISOs to structure security programs that are highly measurable with clear lines from investments to risk reductions. This roundtable conversation will delve into: 

  • Defining materiality and its integration into your operations 
  • Reevaluating program structure to be more measurable 
  • Impact to a CISOs personal liability and protective measures 
 
 

CISOs today battle a relentless tide of sophisticated threats, are often under resourced, and operate under a magnifying glass, with the weight of regulatory scrutiny looming over every decision. Streamlined and advanced security operations are critical, but implementing automated workflows can be costly and confusing. Join senior security leaders for an interactive discussion on:   

  • How to address common SOAR implementation challenges   
  • Key elements to make automation playbooks successful  
  • How to train your team on automation best practices  
  • The current and future state of AI in your security stack 
 
 
12:15 PM
 
 
 
1:10 PM

Learn about innovative use cases from leading-edge technology partners. 

Kyle Pierrehumbert
 
1:20 PM

Learn about innovative use cases from leading-edge technology partners. 

Kevin DePopas
 
1:30 PM

Generative AI has taken over the conversation and, in time, will be transformative to the cyber industry and our society. But the models are still in development, and ultimately, CISOs must discern the appropriate places to leverage AI to help their company as well as define acceptable risks and proper usage. This panel explores how CISOs are vetting AI technologies, the security concerns they’re keeping an eye on, and how AI might change the future of cyber.    

 
 
2:00 PM
 
 
 
2:25 PM

The adoption of SaaS has become increasingly essential for enterprise success but integrating these services – often sitting outside of security and IT teams – introduces significant risk that can be challenging to fully understand. This roundtable is an opportunity for CISOs to share their approach to creating a comprehensive supply chain security strategy. Explore: 

  • Current challenges to detect risk in third party systems  
  • How to create accountability for software manufacturers 
  • Scope of effort to remediate third-party vulnerabilities  
  • Strategy to elevate supply chain risk to the executive level 
 
 

Reliance on siloed data and manual processes has long frustrated security leader’s attempts to understand how an organization’s cyber risk profile is moving. And, every security program is unique, requiring CISOs to truly blend art and science as they determine the most relevant information to share with leadership. Join this boardroom to discuss:  

  • Current approaches to reporting cyber risk at the board level  
  • How past security incidents have informed risk indicators 
  • How the makeup of your board changes your messaging strategy  
  • What metrics you choose to share in different scenarios  
 
 

In today's software-driven world, CISOs must emphasize product security to protect their organizations from vulnerabilities introduced during the development lifecycle. The discussion will explore the organizational and technical challenges security leaders must address to advance their product security initiatives. Discuss:  

  • Balancing security requirements against operational needs  
  • Implementing SDLC policies and CI/CD workflows   
  • How AI is enabling new opportunities and creating risk 
 
 
3:20 PM

Learn about innovative use cases from leading-edge technology partners. 

 
 
3:40 PM

Organizations are dealing with unprecedented cybersecurity challenges, from regulatory scrutiny and increased personal liability to a proliferation of data and new risk from emerging technologies. In this discussion, security executives share their advice to create organizational resiliency within complexity, the mindset leaders must adopt to create personal and team resiliency, and what the future will demand of CISOs.

 
 
4:15 PM

Enjoy networking, cocktails, and hors d'oeuvres at the closing reception.